bf83a605b89e61941694fead752f230a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bf83a605b89e61941694fead752f230a_JaffaCakes118
Size

946KB
MD5

bf83a605b89e61941694fead752f230a
SHA1

bf8b9612cf89791c5de8b2c8cc10055956d4bea8
SHA256

31085f6e39443951d421fbc97f6739a9803d191007b5170672c7c8a93238330a
SHA512

6b77392b05ed0a430b19624ad50c118c1e8254ee8cf1ec8e93df71c96b4d4a1b9c8cfb39528fd26fe21d25c503278e4b817685f22dfa13d32e10ba2059f3a121
SSDEEP

12288:CzftXD92GsxQAqESmo3+KtTl1p/I7LkTZhbYfLV/3KBdpzwKgtqX//gU5THM06:i1XD92Qm3oD9I7ATbo/3KBLjXFD6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf83a605b89e61941694fead752f230a_JaffaCakes118

Files

bf83a605b89e61941694fead752f230a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6bafedc2eda167f647da37d72236d49a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
VirtualAlloc
ExitProcess
GetCurrentThreadId
GetLastError
WaitForSingleObject
SetHandleCount
SetFilePointer
CloseHandle
GetLocalTime
lstrcmpiW
GetModuleFileNameW
CreateProcessW
GetCommandLineW
GetFileAttributesW
LCMapStringW
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
GetStringTypeW
HeapReAlloc
HeapAlloc
OutputDebugStringW
RtlUnwind
LoadLibraryExW
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapFree
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
SetLastError
EncodePointer
DecodePointer
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateFileW

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
SafeArrayRedim
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayPtrOfIndex
VariantInit
VariantCopy
VariantChangeTypeEx
VarI4FromStr
VarCyFromStr
VarBstrFromDate
VarBstrFromBool
VarNeg
VarBoolFromStr

setupapi

SetupCloseInfFile
SetupFindFirstLineW
SetupCloseFileQueue
SetupInstallFromInfSectionW
SetupDiCreateDeviceInfoListExW
SetupDiGetDeviceInfoListDetailW
SetupDiBuildDriverInfoList
SetupDiGetSelectedDriverW
SetupDiGetClassDevsExW
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsW
CM_Get_Device_IDW
CM_Get_DevNode_Registry_Property_ExW

wintrust

WTHelperProvDataFromStateData

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 751KB - Virtual size: 750KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bafedc2eda167f647da37d72236d49a

Headers

File Characteristics

Imports

kernel32

oleaut32

setupapi

wintrust

Sections

.text Size: 82KB - Virtual size: 81KB

.rdata Size: 751KB - Virtual size: 750KB

.data Size: 13KB - Virtual size: 6.6MB

.rsrc Size: 99KB - Virtual size: 99KB

.text
Size: 82KB - Virtual size: 81KB

.rdata
Size: 751KB - Virtual size: 750KB

.data
Size: 13KB - Virtual size: 6.6MB

.rsrc
Size: 99KB - Virtual size: 99KB